@andres-garcia

I might lack a bit of context, but I think that

user is already created on FusionAuth

You do have the option to choose how FusionAuth will look for users on the tenant (more in the documentation). So you might have FusionAuth look for your user in an external LDAP connector, firstly, for instance.

So I was trying to do it that way because I can't provision the service async using the webhooks.

Is this a limitation of your architecture/design or a limitation you are finding within FusionAuth

Thanks,
Josh
FusionAuth

There is a known issue with performance if you are running our intel based Docker image on an M1 or other ARM based system.

We will be pushing out support for M1/ARM shortly..
We have a test image out there if you want to try it - using this one should provide much better performance.
https://hub.docker.com/layers/fusionauth/fusionauth-app/1.32.1_multi/images/sha256-da71d5be2bc849ef9d4e1205508fa34994973d75798a47cab9a8484ee2592ff7?context=explore

is the latest current experimental version. Make sure you choose the arm64 based image.

You can't do this with the hosted login pages, but there is an issue to allow/disallow MFA on an application by application basis: https://github.com/FusionAuth/fusionauth-issues/issues/763

Currently, you can't bypass MFA, but you can do an end run around by using the Login API.

You can start multi factor with a code you provide: https://fusionauth.io/docs/v1/tech/apis/two-factor/#start-multi-factor

Then complete the login process with that known code: https://fusionauth.io/docs/v1/tech/apis/login/#complete-multi-factor-authentication .

@maciej-wisniowski

Glad that you are able to figure it out. I am not sure if that qualifies as a bug, but definitely something to be aware of and might be worth calling out in our documentation.

I believe that you should have email templates after a kickstart (at least the default ones). I can do some more testing to see if that same thing happens to me when I kickstart.

Thanks,
Josh

@shaheem-aziz

Glad that you are enjoying FusionAuth!

The role name is not changeable. To change the name, you would have to remove the role and then re-add with a new name.

This only applies to the role name. The other fields (isDefault, Description, etc), however, are changeable.

Thanks,
Josh

@amit

Much of this might be context-specific. Entity Management is an implementation of the Client Credentials grant and may fit your use case. This video offers a useful demonstration:

https://www.youtube.com/watch?v=pJIzYLSTrMM

You may also find this to be useful --> https://github.com/FusionAuth/fusionauth-site/pull/1158/files as well if you are trying to implement certain levels of granularity within your permissions.

Hope this helps!

Thanks,
Josh

I'd use a webhook to provision/deprovision the grants.

https://fusionauth.io/docs/v1/tech/events-webhooks/events/user-registration-create-complete/ has the roles for the application, so in the webhook, you can call the FusionAuth grant API to create or revoke the grant.

For initial setup, run a script to get all the users that have a given role (using a user search query) and then grant them access to all the entities.

Think about what happens when a new piece of equipment is added. From what I gather, all users with the "viewer" role will need to be granted access to that equipment. You can take care that of within the 'new equipment added' script: provision the equipment, then add the grant to all users with the "viewer" role.

Depending on when you are going to check the grant and the number of users and pieces of equipment, this may be a good thing to use a queue like SQS for, to add/revoke/update grants asynchronously.

@stuggiboogie I'm not familiar with ionos. You should check with them to make sure they support java applications or docker applications as well as a shell account and a database. If they can provide these and meet the system requirements, you should be able to run FusionAuth.

System requirements: https://fusionauth.io/docs/v1/tech/installation-guide/system-requirements/

Installation using a package: https://fusionauth.io/docs/v1/tech/installation-guide/fusionauth-app/

Installation using docker: https://fusionauth.io/docs/v1/tech/installation-guide/docker/

@owner

Apologies for the trouble. I believe this may be resolved in the issue below. This should be fixed in the next release of FusionAuth.

https://github.com/FusionAuth/fusionauth-issues/issues/1519

Please see the workaround mentioned in this issue and let us know if this resolves this issue for you.

Thanks,
Josh

@oleksiikraieviy and @vindhyahegde2114

This is going to be related to how you set up a generic messenger - I have a few tips here.

https://www.loom.com/share/cdd0835c054b40a4a3a6e2e32f1c9d04

Thanks,
Josh

@zero-enna

Glad that you got this figured out!

Thanks,
Josh

Hi @johnmiller

One option might be to use a webhook and take action based on this event.

https://fusionauth.io/docs/v1/tech/events-webhooks/events/user-email-verified/

Thanks,
Josh

You can now do so as of FusionAuth 1.32.

More details in the issue 628 linked above.

Tracking here: https://github.com/FusionAuth/fusionauth-issues/issues/1519

@johnmiller --

That sounds good!

Feel free to log an issue if you would like to see this supported in the future.

https://github.com/FusionAuth/fusionauth-issues/issues/new/choose

Thanks,
Josh
FusionAuth

@joshua Thanks for answering
So this is not yet possible and all I can do is thumbs up the issue and wait.

@cgoddard I think this was missing documentation that has now been added: https://fusionauth.io/docs/v1/tech/apis/entity-management/grants/#search-for-grants

Let me know if that doesn't address your question.